macOS 11.3 Patches Security Vulnerability That Bypassed Built-In Malware Protections
Apple today confirmed to TechCrunch that the just-released macOS 11.3 software update patches a security vulnerability that reportedly could have allowed a hacker to remotely access a user's sensitive data by tricking a user into opening a spoofed document.
"All the user would need to do is double click — and no macOS prompts or warnings are generated," said security researcher Cedric Owens, who discovered the vulnerability in mid-March, according to the report. Owens developed a proof-of-concept app masquerading as a harmless document that exploits the bug to launch the Calculator app, but he said the vulnerability could be exploited for more nefarious purposes.
According to security researcher Patrick Wardle, the vulnerability was the result of a logic bug in macOS's underlying code.
"In simple terms, macOS apps aren't a single file but a bundle of different files that the app needs to work, including a property list file that tells the application where the files it depends on are located," explains TechCrunch. "But Owens found that taking out this property file and building the bundle with a particular structure could trick macOS into opening the bundle — and running the code inside — without triggering any warnings."
In addition to fixing the bug in macOS 11.3, Apple told TechCrunch it patched earlier macOS versions to prevent abuse, and updated macOS's built-in anti-malware system XProtect to block malware from exploiting the vulnerability. The report says the bug was exploited for months, but it's unclear how many users were impacted.
Popular Stories
While the iPhone 18 Pro and iPhone 18 Pro Max are not expected to launch for more than five more months, there are already plenty of rumors about the devices.
It was initially reported that the iPhone 18 Pro models would have fully under-screen Face ID, with only a front camera visible in the top-left corner of the screen. However, the latest rumors indicate that only one Face ID component...
The all-new MacBook Neo has been such a hit that Apple is facing a "massive dilemma," according to Taiwan-based tech columnist and former Bloomberg reporter Tim Culpan.
In the iPhone 16 Pro models, the A18 Pro chip has a 6-core GPU. During the chip manufacturing process, however, sometimes a CPU or GPU core can turn out to be faulty. Rather than discarding the leftover A18 Pro chips with...
Apple is looking for a "breakthrough" with its push into wearable AI devices, including an "AirTag-sized pendant," according to Bloomberg's Mark Gurman.
In a report, he said the pendant is reminiscent of the failed Humane AI Pin, but it would be an iPhone accessory rather than a standalone product.
The pendant would feature an "always-on" camera and a microphone for Siri voice commands,...
Popular Stories
While the iPhone 18 Pro and iPhone 18 Pro Max are not expected to launch for more than five more months, there are already plenty of rumors about the devices.
It was initially reported that the iPhone 18 Pro models would have fully under-screen Face ID, with only a front camera visible in the top-left corner of the screen. However, the latest rumors indicate that only one Face ID component...
The all-new MacBook Neo has been such a hit that Apple is facing a "massive dilemma," according to Taiwan-based tech columnist and former Bloomberg reporter Tim Culpan.
In the iPhone 16 Pro models, the A18 Pro chip has a 6-core GPU. During the chip manufacturing process, however, sometimes a CPU or GPU core can turn out to be faulty. Rather than discarding the leftover A18 Pro chips with...
Apple is looking for a "breakthrough" with its push into wearable AI devices, including an "AirTag-sized pendant," according to Bloomberg's Mark Gurman.
In a report, he said the pendant is reminiscent of the failed Humane AI Pin, but it would be an iPhone accessory rather than a standalone product.
The pendant would feature an "always-on" camera and a microphone for Siri voice commands,...
